Shodan
Vulnerabilities
Vulnerable Software
Exponentcms:  >> Exponent Cms  >> 2.3.9  Security Vulnerabilities
CVE-2017-18213
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
CVSS Score
7.2
EPSS Score
0.006
Published
2018-03-04
CVE-2017-7991
Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-04-22
CVE-2016-7780
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7781
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7782
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7783
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7784
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7788
SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-07
CVE-2016-7789
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the apikey parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-03-07
CVE-2016-9019
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-03-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved